Research in Security and Privacy, 1991. Proceedings., 1991 IEEE Computer Society Symposium on

Date 20-22 May 1991

Displaying Results 1 - 25 of 29
  • Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.91CH2986-8)

    Publication Year: 1991
    Freely Available from IEEE
  • On the buzzword `security policy'

    Publication Year: 1991, Page(s): 219-230
    Cited by: Papers (9)

    It is pointed out that, although the term `security policy' is fundamental to computer security, its conflicting meanings have obscured important conceptual distinctions, especially where concerns other than confidentiality are involved. A clearer definition is needed to clarify routine technical discourse, facilitate resolution of key research issues, and establish the scope of security research ...
  • SPX: global authentication using public key certificates

    Publication Year: 1991, Page(s): 232-244
    Cited by: Papers (21) | Patents (26)

    SPX, a reference implementation of an open distributed authentication service architecture based on ISO Standard 9594-9/CCITT X.509 directory public key certificates and hierarchically organized certification authorities, is described. SPX manages the end system state and provides the run-time environment enabling applications to mutually authenticate on the basis of a global principal identity. S...
  • Exploring the BAN approach to protocol analysis

    Publication Year: 1991, Page(s): 171-181
    Cited by: Papers (10) | Patents (2)

    The BAN approach to analysis of cryptographic protocols (M. Burrows et al., 1988) transforms a correctness requirement into a proof obligation of a formal belief logic. It is shown that the BAN protocol annotation rules make flaws due solely to protocol step permutation undetectable by the BAN logic. This is illustrated by a short example. In the style of BAN logic, the author defines the concept ...
  • The Turing Test and non-information flow

    Publication Year: 1991, Page(s): 373-385
    Cited by: Papers (7)

    Shows how the Turing Test provides a very simple yet very general characterization of non-information flow in multilevel information systems. Despite its conceptual simplicity, the Turing Test provides the study of information flow with an extremely useful notion which seems to be a significant departure from other current information flow theories. Turing's powerful idea is that information entro...
  • Discretionary access controls in a high-performance object management system

    Publication Year: 1991, Page(s): 288-299
    Cited by: Papers (7) | Patents (35)

    A method for efficiently implementing access control lists (ACLs) in the main memory object-oriented database systems (OODBSs) is proposed. The main features of the method are the following: ACLs are not stored directly, but via ACL numbers; and each process has a cache which records results of evaluations of ACLs for this process and certain ACL numbers. The particular implementation of ACL numbe...
  • A system for the specification and analysis of key management protocols

    Publication Year: 1991, Page(s): 182-195
    Cited by: Papers (19)

    Describes a formal specification language and verification technique for analyzing key management protocols. A prototype verification tool that can be used to apply this technique is introduced. A protocol intended for use in the management of resource sharing is formally specified and verified, and it is shown how the use of the considered techniques led to the discovery of a flaw that could be ...
  • An analysis of covert timing channels

    Publication Year: 1991, Page(s): 2-7
    Cited by: Papers (37)

    Covert channels have traditionally been categorized as either storage channels or timing channels. The author questions this categorization, and discusses channels that cannot be clearly identified as either storage or timing channels, but have aspects of both. A new model of timing channels is presented, which allows for channels that have characteristics of both storage channels and timing chann...
  • Directed-graph epidemiological models of computer viruses

    Publication Year: 1991, Page(s): 343-359
    Cited by: Papers (108) | Patents (9)

    The strong analogy between biological viruses and their computational counterparts has motivated the authors to adapt the techniques of mathematical epidemiology to the study of computer virus propagation. In order to allow for the most general patterns of program sharing, a standard epidemiological model is extended by placing it on a directed graph and a combination of analysis and simulation is...
  • Safety analysis for the extended schematic protection model

    Publication Year: 1991, Page(s): 87-97
    Cited by: Papers (7)

    It is argued that the access matrix model of M.H. Harrison, W.L. Ruzzo and J.D. Ullman (HRU) (1976) has extremely weak safety properties; safety analysis is undecidable for most policies of practical interest. An alternate formulation of the HRU model is presented that gives strong safety properties. This alternative formulation is called the extended schematic protection model (ESPM). ESPM is der...
  • Verification of secure distributed systems in higher order logic: A modular approach using generic components

    Publication Year: 1991, Page(s): 122-135
    Cited by: Papers (1) | Patents (20)

    A generalization of D. McCullough's (1987; 1988) restrictiveness model is given as the basis for providing security properties for distributed system designs. This generalization is mechanized for an event-based model of computer systems in the HOL (higher order logic) system to prove the composability of the model and several other properties about the model. A set of generalized classes of syste...
  • The SRI IDES statistical anomaly detector

    Publication Year: 1991, Page(s): 316-326
    Cited by: Papers (45) | Patents (52)

    SRI International's real-time intrusion-detection expert system (IDES) contains a statistical subsystem that observes behavior on a monitored computer system and adaptively learns what is normal for individual users and groups of users. The statistical subsystem also monitors observed behavior and identifies behavior as a potential intrusion (or misuse by authorized users) if it deviates significa...
  • An analysis of the proxy problem in distributed systems

    Publication Year: 1991, Page(s): 255-275
    Cited by: Papers (15) | Patents (5)

    The authors look at the problem of delegation of rights or proxy in distributed object systems. Two signature-based schemes for achieving delegation which require different inter-object trust assumptions are presented. These schemes have been instantiated using public key and secret key based cryptographic techniques. Additional trust implications which arise from these implementations are also co...
  • The use of logic in the analysis of cryptographic protocols

    Publication Year: 1991, Page(s): 156-170
    Cited by: Papers (19)

    Logics for cryptographic protocol analysis are presented, and a study is made of the protocol features that they are appropriate for analyzing: some are appropriate for analyzing trust, others security. It is shown that both features can be adequately captured by a single properly designed logic. The goals and capabilities of M. Burrows, M. Abadi and R. Needham's (1989) BAN logic are examined. It ...
  • Toward an approach to measuring software trust

    Publication Year: 1991, Page(s): 198-218
    Cited by: Papers (13)

    The authors have been involved in the development of an approach to measuring the trust of software, at some state in the software development life cycle. The primary emphasis has been on the use of well-known and generally accepted security and software engineering principles as a means for establishing software trust. A description of the critical issues related to software trust is provided her...
  • A separation model for virtual machine monitors

    Publication Year: 1991, Page(s): 78-86
    Cited by: Papers (7)

    A security policy is given for separation virtual machine monitors (SVMMs) and the authors interpret J.M. Rushby's (1981) separation model for SVMMs. Applying Rushby's technique yields a practical method for demonstrating that an implementation of an SVMM adheres to the abstract isolation axiom of the separation model, thus providing relatively strong assurance for a low level of effort. The autho...
  • Covert flow trees: a technique for identifying and analyzing covert storage channels

    Publication Year: 1991, Page(s): 36-51
    Cited by: Papers (7)

    A technique for detecting covert storage channels using a tree structure called a covert flow tree (CFT) is introduced. By traversing the paths of a CFT a comprehensive list of scenarios that potentially support covert communication via particular resource attributes can be automatically constructed. CFTs graphically illustrate the process through which information regarding the state of one attri...
  • Intrusion tolerance in distributed computing systems

    Publication Year: 1991, Page(s): 110-121
    Cited by: Papers (45) | Patents (17)

    An intrusion-tolerant distributed system is a system which is designed so that any intrusion into a part of the system will not endanger confidentiality, integrity and availability. This approach is suitable for distributed systems, because distribution enables isolation of elements so that an intrusion gives physical access to only a part of the system. In particular, the intrusion-tolerant authe...
  • Storage channels in disk arm optimization

    Publication Year: 1991, Page(s): 52-61
    Cited by: Papers (8)

    The covert storage channels found in disk I/O optimization schemes are studied. The authors examine the source of the problems in the context of various disk architectures, propose several classes of generic solutions and conclude with recommendations for future storage-system architectures. The work was done as part of the covert channel analysis for Digital's VAX security kernel.
  • Reducing timing channels with fuzzy time

    Publication Year: 1991, Page(s): 8-20
    Cited by: Papers (49)

    Fuzzy time is a collection of techniques that reduces the bandwidths of covert timing channels by making all clocks available to a process noisy. Developed in response to the problems posed by high-speed hardware timing channels, fuzzy time has been implemented in the VAX security kernel. Fuzzy time has proven to be highly effective against the timing channels in the VAX security kernel. Not only ...
  • Toward a mathematical foundation for information flow security

    Publication Year: 1991, Page(s): 21-34
    Cited by: Papers (26)

    A general-purpose, probabilistic state machine model which can be used to model a large class of nondeterministic (as well as deterministic) computer systems is described. The necessary probability theory to rigorously state and prove probabilistic properties of modeled systems is developed. A definition of information flow-security making use of this formalism is given. Intuitively, information f...
  • A novel decomposition of multilevel relations into single-level relations

    Publication Year: 1991, Page(s): 300-313
    Cited by: Papers (4)

    Presents a novel decomposition algorithm that breaks a multilevel relation into single-level relations and a novel recovery algorithm which reconstructs the original multilevel relation from the decomposed single-level relations. There are several novel aspects to these decomposition and recovery algorithms which provide substantial advantages over previous proposals. The algorithms are formulated...
  • Variable noise effects upon a simple timing channel

    Publication Year: 1991, Page(s): 362-372
    Cited by: Papers (3)

    Investigates the effects of noise upon a simple timing channel. Shannon's information theory (C. Shannon et al., 1949) is used to quantify the resulting information flow across the channel. In particular the author studies how a probabilistic response time to a query by a low user affects the mutual information and channel capacity. He claims that we will never eliminate all covert channels in a m...
  • Modeling nondisclosure in terms of the subject-instruction stream

    Publication Year: 1991, Page(s): 64-77

    A formal definition is given of nondisclosure for a computing system and the author describes a functional decomposition of the system into two kinds of activities, namely, the selection and execution of subject instructions. Security requirements for each of the two resulting subsystems are given, and it is proved that, if each subsystem satisfies its security requirements, then the entire system...
  • Protecting security information in distributed systems

    Publication Year: 1991, Page(s): 245-254
    Cited by: Papers (1)

    It is shown how security information for user authentication, peer-entity authentication and access control is created and utilized in large distributed systems. The protection mechanisms used are hash functions, and symmetric and asymmetric cryptography. The authors describe and combine data formats for security information based on international standards from several standardization bodies.